id summary reporter owner description type status priority milestone component version severity resolution keywords cc focuses
17047 Not following spec for REQUEST_URI sterlo sterlo "Possibly related: #16932
Spec: http://www.w3.org/Protocols/rfc2616/rfc2616-sec5.html#sec5.1.2
Structure: http://en.wikipedia.org/wiki/URI_scheme#Examples
The spec for REQUEST_URI:
{{{
Request-URI = ""*"" | absoluteURI | abs_path | authority
}}}
The specs for REQUEST_URI in Apache are such that it allows for absolute paths to a given resource.
Given that throughout WordPress there are concatenations like:
{{{
$_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']
}}}
These are intended to generate ""mysite.com/resources""
But in certain cases will generated ""mysite.com/mysite.com/resources""
Case Study:
{{{
GET http://subdomain.mydomain.com/ HTTP/1.1
}}}
This should be allowed.
Apache in this case sets the URI to ""http://subdomain.mydomain.com/myfile.php""
Solution: Do not assume that URI is not an absolute path.
A quick fix is something like the patch attached." defect (bug) reviewing normal Future Release Rewrite Rules 3.1 normal has-patch